* [PATCH 0/1] libarchive: Fix CVE-2016-1541
@ 2016-05-10 20:29 Leo Famulari
2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-10 20:29 UTC
To: guix-devel
There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According
to MITRE description, it "allows remote attackers to execute arbitrary
code via crafted entry-size values in a ZIP archive."
Yikes!
This patch applies the upstream patch [1].
Requesting your review, since soooo many packages depend on libarchive.
I will follow this commit with an "ungrafting" commit on core-updates.
[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
[1]
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
Leo Famulari (1):
gnu: libarchive: Fix CVE-2016-1541.
gnu/local.mk | 1 +
gnu/packages/backup.scm | 9 +++
.../patches/libarchive-CVE-2016-1541.patch | 67 ++++++++++++++++++++++
3 files changed, 77 insertions(+)
create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch
--
2.8.2
* [PATCH 1/1] gnu: libarchive: Fix CVE-2016-1541.
2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari
@ 2016-05-10 20:29 ` Leo Famulari
2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès
2016-05-15 6:45 ` Leo Famulari
2 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-10 20:29 UTC
To: guix-devel
* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive/fixed): New variable.
* gnu/packages/patches/libarchive-CVE-2016-1541.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/backup.scm | 9 +++
.../patches/libarchive-CVE-2016-1541.patch | 67 ++++++++++++++++++++++
3 files changed, 77 insertions(+)
create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index f2436ed..ca1832e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -572,6 +572,7 @@ dist_patch_DATA = \
gnu/packages/patches/liba52-use-mtune-not-mcpu.patch \
gnu/packages/patches/libarchive-bsdtar-test.patch \
gnu/packages/patches/libarchive-CVE-2013-0211.patch \
+ gnu/packages/patches/libarchive-CVE-2016-1541.patch \
gnu/packages/patches/libarchive-fix-lzo-test-case.patch \
gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
gnu/packages/patches/libbonobo-activation-test-race.patch \
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index a7b48f1..917bee7 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -136,6 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
+ (replacement libarchive/fixed)
(version "3.1.2")
(source
(origin
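Review bot: The `(replacement libarchive/fixed)` line added to the `libarchive` definition carries no comment saying why the package is grafted instead of patched in its `source`. A one-line comment above it that names CVE-2016-1541 and says the field goes away with the planned ungrafting commit on core-updates would tell the next reader that this is a temporary security graft, and that `version` staying at "3.1.2" is intentional.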
@@ -193,6 +194,14 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
+(define libarchive/fixed
+ (package
+ (inherit libarchive)
+ (source (origin
+ (inherit (package-source libarchive))
+ (patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
+ (origin-patches (package-source libarchive))))))))
+
(define-public rdup
(package
(name "rdup")
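Review bot: In `libarchive/fixed` the new patch is put at the head of the list with `(cons (search-patch ...) (origin-patches ...))`, so it is applied before the patches libarchive already carries. Appending it instead, for example `(append (origin-patches (package-source libarchive)) (list (search-patch "libarchive-CVE-2016-1541.patch")))`, would leave the existing patches applying to exactly the source they apply to today and put the new one last. A short comment above the definition stating that it exists only as the graft target for CVE-2016-1541 would also help, since the variable is not exported and has no docstring.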
diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
new file mode 100644
index 0000000..6ac8773
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
@@ -0,0 +1,67 @@
+Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
+
+Taken from upstream source repository:
+https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
+
+When reading OS X metadata entries in Zip archives that were stored
+without compression, libarchive would use the uncompressed entry size
+to allocate a buffer but would use the compressed entry size to limit
+the amount of data copied into that buffer. Since the compressed
+and uncompressed sizes are provided by data in the archive itself,
+an attacker could manipulate these values to write data beyond
+the end of the allocated buffer.
+
+This fix provides three new checks to guard against such
+manipulation and to make libarchive generally more robust when
+handling this type of entry:
+ 1. If an OS X metadata entry is stored without compression,
+ abort the entire archive if the compressed and uncompressed
+ data sizes do not match.
+ 2. When sanity-checking the size of an OS X metadata entry,
+ abort this entry if either the compressed or uncompressed
+ size is larger than 4MB.
+ 3. When copying data into the allocated buffer, check the copy
+ size against both the compressed entry size and uncompressed
+ entry size.
+---
+ libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
+index 0f8262c..0a0be96 100644
+--- a/libarchive/archive_read_support_format_zip.c
++++ b/libarchive/archive_read_support_format_zip.c
+@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+
+ switch(rsrc->compression) {
+ case 0: /* No compression. */
++ if (rsrc->uncompressed_size != rsrc->compressed_size) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Malformed OS X metadata entry: inconsistent size");
++ return (ARCHIVE_FATAL);
++ }
+ #ifdef HAVE_ZLIB_H
+ case 8: /* Deflate compression. */
+ #endif
+@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+ (intmax_t)rsrc->uncompressed_size);
+ return (ARCHIVE_WARN);
+ }
++ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Mac metadata is too large: %jd > 4M bytes",
++ (intmax_t)rsrc->compressed_size);
++ return (ARCHIVE_WARN);
++ }
+
+ metadata = malloc((size_t)rsrc->uncompressed_size);
+ if (metadata == NULL) {
+@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+ bytes_avail = remaining_bytes;
+ switch(rsrc->compression) {
+ case 0: /* No compression. */
++ if ((size_t)bytes_avail > metadata_bytes)
++ bytes_avail = metadata_bytes;
+ memcpy(mp, p, bytes_avail);
+ bytes_used = (size_t)bytes_avail;
+ metadata_bytes -= bytes_used;
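Review bot: In the first embedded hunk the new `uncompressed_size != compressed_size` check sits directly under `case 0:` and, when it passes, control falls through into `case 8:` with no break and no fall-through marker, so the guard only reads correctly if one knows the two cases share the code that follows. That is worth raising upstream as a `/* FALLTHROUGH */` comment, not changing here, since this file should stay identical to the upstream commit it cites. Also worth confirming against the full function: the clamp of `bytes_avail` to `metadata_bytes` before `memcpy` in the last embedded hunk is shown only for the stored (`case 0`) branch, and the lines in this patch do not show how the deflate branch bounds its output.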
--
2.8.2
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari
2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
@ 2016-05-11 13:44 ` Ludovic Courtès
2016-05-12 1:55 ` Leo Famulari
2016-05-15 6:45 ` Leo Famulari
2 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2016-05-11 13:44 UTC
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According
> to MITRE description, it "allows remote attackers to execute arbitrary
> code via crafted entry-size values in a ZIP archive."
>
> Yikes!
>
> This patch applies the upstream patch [1].
>
> Requesting your review, since soooo many packages depend on libarchive.
LGTM.
> I will follow this commit with an "ungrafting" commit on core-updates.
Cool!
Thank you!
Ludo’.
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès
@ 2016-05-12 1:55 ` Leo Famulari
2016-05-12 5:22 ` Jan Nieuwenhuizen
2016-05-12 7:24 ` Manolis Ragkousis
0 siblings, 2 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-12 1:55 UTC
To: Ludovic Courtès; +Cc: guix-devel
On Wed, May 11, 2016 at 03:44:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > This patch applies the upstream patch [1].
>
> LGTM.
Done as e7806e6ca.
> > I will follow this commit with an "ungrafting" commit on core-updates.
>
> Cool!
There are conflicts in cross gnu/packages/cross-base.scm when merging
master (e7806e6ca) into core-updates (f10e7ef47).
These are the commits that are conflicting:
Core-updates: 55de892b4 (gnu: glibc: Rename linux-headers input to
kernel-headers).
Master: efc4eb147 (gnu: cross: Use CROSS_*_INCLUDE_PATH for system
headers) and maybe the follow-up typo fix in 0a0884c9 (gnu: cross: Fix
typo).
I could try to resolve the conflict myself, but I think it's better if
Jan and Manolis work together, or at least give me some instructions.
Here are the specific conflicts I'm not sure how to resolve:
182 <<<<<<< HEAD
183 (string-prefix? kernel x)))
184
185 (setenv "CROSS_CPATH"
186 (string-append libc "/include:"
187 kernel "/include"))
188 =======
189 (string-prefix? linux x)))
190 (let ((cpath (string-append
191 libc "/include"
192 ":" linux "/include")))
193 (for-each (cut setenv <> cpath)
194 '("CROSS_C_INCLUDE_PATH"
195 "CROSS_CPLUS_INCLUDE_PATH"
196 "CROSS_OBJC_INCLUDE_PATH"
197 "CROSS_OBJCPLUS_INCLUDE_PATH")))
198 >>>>>>> master
347 <<<<<<< HEAD
348 (let ((kernel (assoc-ref inputs "kernel-headers")))
349 (setenv "CROSS_CPATH"
350 (string-append kernel "/include"))
351 =======
352 (let* ((linux (assoc-ref inputs "linux-headers"))
353 (cpath (string-append linux "/include")))
354 (for-each (cut setenv <> cpath)
355 '("CROSS_C_INCLUDE_PATH"
356 "CROSS_CPLUS_INCLUDE_PATH"
357 "CROSS_OBJC_INCLUDE_PATH"
358 "CROSS_OBJCPLUS_INCLUDE_PATH"))
359 >>>>>>> master
The other conflicts are just comments that need 's/linux/kernel'.
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-12 1:55 ` Leo Famulari
@ 2016-05-12 5:22 ` Jan Nieuwenhuizen
2016-05-13 6:45 ` Leo Famulari
2016-05-12 7:24 ` Manolis Ragkousis
1 sibling, 1 reply; 10+ messages in thread
From: Jan Nieuwenhuizen @ 2016-05-12 5:22 UTC
To: Leo Famulari; +Cc: guix-devel
Leo Famulari writes:
> There are conflicts in cross gnu/packages/cross-base.scm when merging
> master (e7806e6ca) into core-updates (f10e7ef47).
>
> These are the commits that are conflicting:
>
> Core-updates: 55de892b4 (gnu: glibc: Rename linux-headers input to
> kernel-headers).
>
> Master: efc4eb147 (gnu: cross: Use CROSS_*_INCLUDE_PATH for system
> headers) and maybe the follow-up typo fix in 0a0884c9 (gnu: cross: Fix
> typo).
>
> I could try to resolve the conflict myself, but I think it's better if
> Jan and Manolis work together, or at least give me some instructions.
I looked into it. If you modify the patch, changing `linux' to
`kernel' except in one place

                     (define (cross? x)
==>except this line    ;; Return #t if X is a cross-libc or cross Linux.
                       (or (string-prefix? libc x)
                           (string-prefix? kernel x)))

it applies cleanly. Here's what I did to do that mechanically.

    git reset --hard origin/master
    git rebase origin/core-updates
    ...
    cp .git/rebase-apply/patch patch
    sed -i s/linux/kernel/gi patch
    sed -i 's/or cross kernel/or cross Linux/' patch
    git reset --hard HEAD
    patch -p1 < patch

If I can help any better, please let me know.
Greetings,
Jan
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-12 1:55 ` Leo Famulari
2016-05-12 5:22 ` Jan Nieuwenhuizen
@ 2016-05-12 7:24 ` Manolis Ragkousis
1 sibling, 0 replies; 10+ messages in thread
From: Manolis Ragkousis @ 2016-05-12 7:24 UTC
To: Leo Famulari; +Cc: guix-devel
Hey Leo,
Thanks for telling me. Modify it to
> 189 (string-prefix? kernel x)))
> 190 (let ((cpath (string-append
> 191 libc "/include"
> 192 ":" kernel "/include")))
> 193 (for-each (cut setenv <> cpath)
> 194 '("CROSS_C_INCLUDE_PATH"
> 195 "CROSS_CPLUS_INCLUDE_PATH"
> 196 "CROSS_OBJC_INCLUDE_PATH"
> 197 "CROSS_OBJCPLUS_INCLUDE_PATH")))
> 352 (let* ((kernel (assoc-ref inputs "kernel-headers"))
> 353 (cpath (string-append kernel "/include")))
> 354 (for-each (cut setenv <> cpath)
> 355 '("CROSS_C_INCLUDE_PATH"
> 356 "CROSS_CPLUS_INCLUDE_PATH"
> 357 "CROSS_OBJC_INCLUDE_PATH"
> 358 "CROSS_OBJCPLUS_INCLUDE_PATH"))
Update the patch and tell me if there are any more problems.
Thank you,
Manolis
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-12 5:22 ` Jan Nieuwenhuizen
@ 2016-05-13 6:45 ` Leo Famulari
2016-05-13 18:16 ` Jan Nieuwenhuizen
2016-05-14 17:26 ` Manolis Ragkousis
0 siblings, 2 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-13 6:45 UTC
To: Jan Nieuwenhuizen; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 402 bytes --]
On Thu, May 12, 2016 at 07:22:30AM +0200, Jan Nieuwenhuizen wrote:
> Leo Famulari writes:
>
> > There are conflicts in cross gnu/packages/cross-base.scm when merging
> > master (e7806e6ca) into core-updates (f10e7ef47).
Thanks Manolis and Jan. I think I resolved the conflict properly.
I've attached the file that results after I resolve the conflict. Can
you tell me if it's doing the right thing?
[-- Attachment #2: cross-base.scm --]
[-- Type: text/plain, Size: 16963 bytes --]
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages cross-base)
#:use-module (guix licenses)
#:use-module (gnu packages)
#:use-module (gnu packages gcc)
#:use-module (gnu packages base)
#:use-module (gnu packages commencement)
#:use-module (gnu packages linux)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (cross-binutils
cross-libc
cross-gcc))
(define %xgcc
;; GCC package used as the basis for cross-compilation. It doesn't have to
;; be 'gcc' and can be a specific variant such as 'gcc-4.8'.
gcc)
(define (cross p target)
(package (inherit p)
(name (string-append (package-name p) "-cross-" target))
(arguments
(substitute-keyword-arguments (package-arguments p)
((#:configure-flags flags)
`(cons ,(string-append "--target=" target)
,flags))))))
(define (package-with-patch original patch)
"Return package ORIGINAL with PATCH applied."
(package (inherit original)
(source (origin (inherit (package-source original))
(patches (list patch))))))
(define (cross-binutils target)
"Return a cross-Binutils for TARGET."
(let ((binutils (package (inherit binutils)
(arguments
(substitute-keyword-arguments (package-arguments
binutils)
((#:configure-flags flags)
;; Build with `--with-sysroot' so that ld honors
;; DT_RUNPATH entries when searching for a needed
;; library. This works because as a side effect
;; `genscripts.sh' sets `USE_LIBPATH=yes', which tells
;; elf32.em to use DT_RUNPATH in its search list.
;; See <http://sourceware.org/ml/binutils/2013-05/msg00312.html>.
;;
;; In theory choosing / as the sysroot could lead ld
;; to pick up native libs instead of target ones. In
;; practice the RUNPATH of target libs only refers to
;; target libs, not native libs, so this is safe.
`(cons "--with-sysroot=/" ,flags)))))))
;; For Xtensa, apply Qualcomm's patch.
(cross (if (string-prefix? "xtensa-" target)
(package-with-patch binutils
(search-patch
"ath9k-htc-firmware-binutils.patch"))
binutils)
target)))
(define (cross-gcc-arguments target libc)
"Return build system arguments for a cross-gcc for TARGET, using LIBC (which
may be either a libc package or #f.)"
;; Set the current target system so that 'glibc-dynamic-linker' returns the
;; right name.
(parameterize ((%current-target-system target))
;; Disable stripping as this can break binaries, with object files of
;; libgcc.a showing up as having an unknown architecture. See
;; <http://lists.fedoraproject.org/pipermail/arm/2010-August/000663.html>
;; for instance.
(let ((args `(#:strip-binaries? #f
,@(package-arguments %xgcc))))
(substitute-keyword-arguments args
((#:configure-flags flags)
`(append (list ,(string-append "--target=" target)
,@(if libc
`( ;; Disable libcilkrts because it is not
;; ported to GNU/Hurd.
"--disable-libcilkrts")
`( ;; Disable features not needed at this stage.
"--disable-shared" "--enable-static"
"--enable-languages=c,c++"
;; libstdc++ cannot be built at this stage
;; ("Link tests are not allowed after
;; GCC_NO_EXECUTABLES.").
"--disable-libstdc++-v3"
"--disable-threads" ;libgcc, would need libc
"--disable-libatomic"
"--disable-libmudflap"
"--disable-libgomp"
"--disable-libssp"
"--disable-libquadmath"
"--disable-decimal-float" ;would need libc
"--disable-libcilkrts"
)))
,(if libc
flags
`(remove (cut string-match "--enable-languages.*" <>)
,flags))))
((#:make-flags flags)
(if libc
`(let ((libc (assoc-ref %build-inputs "libc")))
;; FLAGS_FOR_TARGET are needed for the target libraries to receive
;; the -Bxxx for the startfiles.
(cons (string-append "FLAGS_FOR_TARGET=-B" libc "/lib")
,flags))
flags))
((#:phases phases)
(let ((phases
`(alist-cons-after
'install 'make-cross-binutils-visible
(lambda* (#:key outputs inputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(libexec (string-append out "/libexec/gcc/"
,target))
(binutils (string-append
(assoc-ref inputs "binutils-cross")
"/bin/" ,target "-"))
(wrapper (string-append
(assoc-ref inputs "ld-wrapper-cross")
"/bin/" ,target "-ld")))
(for-each (lambda (file)
(symlink (string-append binutils file)
(string-append libexec "/"
file)))
'("as" "nm"))
(symlink wrapper (string-append libexec "/ld"))
#t))
(alist-replace
'install
(lambda _
;; Unlike our 'strip' phase, this will do the right thing
;; for cross-compilers.
(zero? (system* "make" "install-strip")))
,phases))))
(if libc
`(alist-cons-before
'configure 'set-cross-path
(lambda* (#:key inputs #:allow-other-keys)
;; Add the cross kernel headers to CROSS_CPATH, and remove them
;; from CPATH.
(let ((libc (assoc-ref inputs "libc"))
(kernel (assoc-ref inputs "xkernel-headers")))
(define (cross? x)
;; Return #t if X is a cross-libc or cross Linux.
(or (string-prefix? libc x)
(string-prefix? kernel x)))
(let ((cpath (string-append
libc "/include"
":" kernel "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH")))
(setenv "CROSS_LIBRARY_PATH"
(string-append libc "/lib"))
(for-each
(lambda (var)
(and=> (getenv var)
(lambda (value)
(let* ((path (search-path-as-string->list value))
(native-path (list->search-path-as-string
(remove cross? path) ":")))
(setenv var native-path)))))
'("C_INCLUDE_PATH"
"CPLUS_INCLUDE_PATH"
"OBJC_INCLUDE_PATH"
"OBJCPLUS_INCLUDE_PATH"
"LIBRARY_PATH"))
#t))
,phases)
phases)))))))
(define (cross-gcc-patches target)
"Return GCC patches needed for TARGET."
(cond ((string-prefix? "xtensa-" target)
;; Patch by Qualcomm needed to build the ath9k-htc firmware.
(search-patches "ath9k-htc-firmware-gcc.patch"))
(else '())))
(define* (cross-gcc target
#:optional (xbinutils (cross-binutils target)) libc)
"Return a cross-compiler for TARGET, where TARGET is a GNU triplet. Use
XBINUTILS as the associated cross-Binutils. If LIBC is false, then build a
GCC that does not target a libc; otherwise, target that libc."
(package (inherit %xgcc)
(name (string-append "gcc-cross-"
(if libc "" "sans-libc-")
target))
(source (origin (inherit (package-source %xgcc))
(patches
(append
(origin-patches (package-source %xgcc))
(cons (search-patch "gcc-cross-environment-variables.patch")
(cross-gcc-patches target))))))
;; For simplicity, use a single output. Otherwise libgcc_s & co. are not
;; found by default, etc.
(outputs '("out"))
(arguments
`(#:implicit-inputs? #f
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 regex)
(srfi srfi-1)
(srfi srfi-26))
,@(cross-gcc-arguments target libc)))
(native-inputs
`(("ld-wrapper-cross" ,(make-ld-wrapper
(string-append "ld-wrapper-" target)
#:target target
#:binutils xbinutils))
("binutils-cross" ,xbinutils)
;; Call it differently so that the builder can check whether the "libc"
;; input is #f.
("libc-native" ,@(assoc-ref %final-inputs "libc"))
;; Remaining inputs.
,@(let ((inputs (append (package-inputs %xgcc)
(alist-delete "libc" %final-inputs))))
(if libc
`(("libc" ,libc)
("xkernel-headers" ;the target headers
,@(assoc-ref (package-propagated-inputs libc)
"kernel-headers"))
,@inputs)
inputs))))
(inputs '())
;; Only search target inputs, not host inputs.
;; Note: See <http://bugs.gnu.org/22186> for why not 'CPATH'.
(search-paths
(list (search-path-specification
(variable "CROSS_C_INCLUDE_PATH")
(files '("include")))
(search-path-specification
(variable "CROSS_CPLUS_INCLUDE_PATH")
(files '("include")))
(search-path-specification
(variable "CROSS_OBJC_INCLUDE_PATH")
(files '("include")))
(search-path-specification
(variable "CROSS_OBJCPLUS_INCLUDE_PATH")
(files '("include")))
(search-path-specification
(variable "CROSS_LIBRARY_PATH")
(files '("lib" "lib64")))))
(native-search-paths '())))
(define* (cross-libc target
#:optional
(xgcc (cross-gcc target))
(xbinutils (cross-binutils target)))
"Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and
XBINUTILS and the cross tool chain."
(define xlinux-headers
(package (inherit linux-libre-headers)
(name (string-append (package-name linux-libre-headers)
"-cross-" target))
(arguments
(substitute-keyword-arguments
`(#:implicit-cross-inputs? #f
,@(package-arguments linux-libre-headers))
((#:phases phases)
`(alist-replace
'build
(lambda _
(setenv "ARCH" ,(system->linux-architecture target))
(format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH"))
(and (zero? (system* "make" "defconfig"))
(zero? (system* "make" "mrproper" "headers_check"))))
,phases))))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
,@(package-native-inputs linux-libre-headers)))))
(package (inherit glibc)
(name (string-append "glibc-cross-" target))
(arguments
(substitute-keyword-arguments
`(;; Disable stripping (see above.)
#:strip-binaries? #f
;; This package is used as a target input, but it should not have
;; the usual cross-compilation inputs since that would include
;; itself.
#:implicit-cross-inputs? #f
,@(package-arguments glibc))
((#:configure-flags flags)
`(cons ,(string-append "--host=" target)
,flags))
((#:phases phases)
`(alist-cons-before
'configure 'set-cross-kernel-headers-path
(lambda* (#:key inputs #:allow-other-keys)
(let* ((kernel (assoc-ref inputs "kernel-headers"))
(cpath (string-append kernel "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))
#t))
,phases))))
;; Shadow the native "kernel-headers" because glibc's recipe expects the
;; "kernel-headers" input to point to the right thing.
(propagated-inputs `(("kernel-headers" ,xlinux-headers)))
;; FIXME: 'static-bash' should really be an input, not a native input, but
;; to do that will require building an intermediate cross libc.
(inputs '())
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
,@(package-inputs glibc) ;FIXME: static-bash
,@(package-native-inputs glibc)))))
;;;
;;; Concrete cross toolchains.
;;;
(define-public xgcc-mips64el
(let* ((triplet "mips64el-linux-gnuabi64") ;N64 ABI
(xgcc (cross-gcc triplet
(cross-binutils triplet)
(cross-libc triplet))))
;; Don't attempt to build this cross-compiler on i686;
;; see <http://bugs.gnu.org/19598>.
(package (inherit xgcc)
(supported-systems (fold delete
(package-supported-systems xgcc)
'("mips64el-linux" "i686-linux"))))))
(define-public xgcc-avr
;; AVR cross-compiler, used to build AVR-Libc.
(let ((triplet "avr"))
(cross-gcc triplet
(cross-binutils triplet))))
(define-public xgcc-xtensa
;; Bare-bones Xtensa cross-compiler, used to build the Atheros firmware.
(cross-gcc "xtensa-elf"))
(define-public xgcc-armhf
(let* ((triplet "arm-linux-gnueabihf")
(xgcc (cross-gcc triplet
(cross-binutils triplet)
(cross-libc triplet))))
(package (inherit xgcc)
(supported-systems (delete "armhf-linux" %supported-systems)))))
;; (define-public xgcc-armel
;; (let ((triplet "armel-linux-gnueabi"))
;; (cross-gcc triplet
;; (cross-binutils triplet)
;; (cross-libc triplet))))
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-13 6:45 ` Leo Famulari
@ 2016-05-13 18:16 ` Jan Nieuwenhuizen
2016-05-14 17:26 ` Manolis Ragkousis
1 sibling, 0 replies; 10+ messages in thread
From: Jan Nieuwenhuizen @ 2016-05-13 18:16 UTC
To: Leo Famulari; +Cc: guix-devel
Leo Famulari writes:
> I've attached the file that results after I resolve the conflict. Can
> you tell me if it's doing the right thing?
Yes that looks fine. Thanks,
Greetings, Jan
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-13 6:45 ` Leo Famulari
2016-05-13 18:16 ` Jan Nieuwenhuizen
@ 2016-05-14 17:26 ` Manolis Ragkousis
1 sibling, 0 replies; 10+ messages in thread
From: Manolis Ragkousis @ 2016-05-14 17:26 UTC
To: Leo Famulari; +Cc: Guix-devel
Okay from me as well.
Thank you
Manolis
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541
2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari
2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès
@ 2016-05-15 6:45 ` Leo Famulari
2 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-15 6:45 UTC
To: guix-devel
On Tue, May 10, 2016 at 04:29:08PM -0400, Leo Famulari wrote:
> I will follow this commit with an "ungrafting" commit on core-updates.
Done as 4fa05a81983d4aa33837e1c01457442be7b58aad